{"vulnerability": "cve-2023-4194", "sightings": [{"uuid": "91a39127-d293-4197-9e4f-d7afd4cff370", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41947", "type": "seen", "source": "https://t.me/cibsecurity/70010", "content": "\u203c CVE-2023-41947 \u203c\n\nA missing permission check in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to Frugal Testing using attacker-specified credentials.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-06T16:17:53.000000Z"}, {"uuid": "18543f00-86c8-4644-a6d2-26a8685c51b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41943", "type": "seen", "source": "https://t.me/cibsecurity/70007", "content": "\u203c CVE-2023-41943 \u203c\n\nJenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-06T16:17:50.000000Z"}, {"uuid": "ded9a981-f093-4e6c-8555-2a8d088b82ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41940", "type": "seen", "source": "https://t.me/cibsecurity/70005", "content": "\u203c CVE-2023-41940 \u203c\n\nJenkins TAP Plugin 2.3 and earlier does not escape TAP file contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control TAP file contents.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-06T16:17:48.000000Z"}, {"uuid": "d1d53803-1bb5-4acd-90dd-43b303a4263a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41941", "type": "seen", "source": "https://t.me/cibsecurity/70012", "content": "\u203c CVE-2023-41941 \u203c\n\nA missing permission check in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-06T16:17:55.000000Z"}, {"uuid": "94564618-a052-41ae-886f-3a51c511ec8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41945", "type": "seen", "source": "https://t.me/cibsecurity/70011", "content": "\u203c CVE-2023-41945 \u203c\n\nJenkins Assembla Auth Plugin 1.14 and earlier does not verify that the permissions it grants are enabled, resulting in users with EDIT permissions to be granted Overall/Manage and Overall/SystemRead permissions, even if those permissions are disabled and should not be granted.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-06T16:17:54.000000Z"}, {"uuid": "b18626ad-f3ee-4fe3-936f-b35b5fd84594", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4194", "type": "seen", "source": "https://t.me/cibsecurity/67877", "content": "\u203c CVE-2023-4194 \u203c\n\nA flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 (\"tun: tun_chr_open(): correctly initialize socket uid\"), - 66b2c338adce (\"tap: tap_open(): correctly initialize socket uid\"), pass \"inode->i_uid\" to sock_init_data_uid() as the last parameter and that turns out to not be accurate.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-07T18:13:47.000000Z"}, {"uuid": "0daee6e4-fa5d-4121-94ef-c573a10504bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41946", "type": "seen", "source": "https://t.me/cibsecurity/70013", "content": "\u203c CVE-2023-41946 \u203c\n\nA cross-site request forgery (CSRF) vulnerability in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers to connect to Frugal Testing using attacker-specified credentials, and to retrieve test IDs and names from Frugal Testing, if a valid credential corresponds to the attacker-specified username.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-06T16:17:56.000000Z"}, {"uuid": "caae2c1c-26f4-4b42-8eaf-aa26c3600f4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41944", "type": "seen", "source": "https://t.me/cibsecurity/69994", "content": "\u203c CVE-2023-41944 \u203c\n\nJenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error message, resulting in an HTML injection vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-06T16:17:36.000000Z"}, {"uuid": "c553dd04-f371-49b3-bc67-b37632ee315c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41942", "type": "seen", "source": "https://t.me/arpsyndicate/2319", "content": "#ExploitObserverAlert\n\nCVE-2023-41942\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-41942. A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue.\n\nFIRST-EPSS: 0.000460000\nNVD-IS: 1.4\nNVD-ES: 2.8", "creation_timestamp": "2024-01-03T12:30:24.000000Z"}]}